path: root/etc
Commit message  Author  Age
* Fix Firefox 'Profile not found' for psd (v6.45) (#5348)  godbless  2022-09-08
|     * Fix Firefox 'Profile not found' for psd (v6.45)
|
|     code change: `whitelist ${RUNUSER}/psd/*firefox*`
|     fixes: #4568
|
|     * Whitelist ${RUNUSER}/psd/*firefox*
|
|     * Fix workflow for github
* Add profile for chafa (#5355)  alkim0  2022-09-04
|     Co-authored-by: Albert Kim <alkim@alkim.org>
* Make /etc/ssh/ssh_config.d visible for ssh (#5353)  slowpeek  2022-09-02
|
* tracelog disabled by default in /etc/firejail/firejail.config file  netblue30  2022-08-29
|
* merges, fixed lbry-viewer as suggested  netblue30  2022-08-29
|
* Merge pull request #5331 from pirate486743186/lbry-viewer.profile-create  netblue30  2022-08-29
|\
| |     lbry-viewer.profile create
| * lbry-viewer.profile create  pirate486743186  2022-08-21
| |
* | tuir.profile creation (#5330)  pirate486743186  2022-08-28
| |     Co-authored-by: pirate486743186 <>
* | steam.profile: fix Proton-GE version in comment  Kelvin M. Klann  2022-08-26
| |     This amends commit e2631b40d ("steam.profile: fix breakage with newer
| |     Proton-GE (process_vm_readv)", 2022-08-20).
* | steam.profile: fix breakage with newer Proton-GE (process_vm_readv)  Kelvin M. Klann  2022-08-26
| |     As reported by @rsramkis on #5185, upgrading from Proton-7.2-GE-2[1]
| |     (released on 2022-02-14) to GE-Proton7-18[2] (released on 2022-05-19)
| |     breaks logging in on World of Tanks Blitz unless the `process_vm_readv`
| |     32-bit syscall is allowed[3], so allow it.
| |
| |     Fixes #5185.
| |
| |     [1] https://github.com/GloriousEggroll/proton-ge-custom/releases/tag/7.2-GE-2
| |     [2] https://github.com/GloriousEggroll/proton-ge-custom/releases/tag/GE-Proton7-18
| |     [3] https://github.com/netblue30/firejail/issues/5185#issuecomment-1152350336
* | man.profile needs additional private-etc items on arch (#5322)  glitsj16  2022-08-18
| |
* | Fixed an AppArmor profile denial issue with ptrace and signals (#5317)  Азалия Смарагдова  2022-08-18
| |
* | Merge pull request #5302 from pirate486743186/makedeb-profile-creation  netblue30  2022-08-14
|\ \
| | |     makedeb profile creation
| * | makedeb profile creation  pirate486743186  2022-08-10
| |/
* | Merge pull request #5309 from qretornaz-adapei42/master  netblue30  2022-08-14
|\ \
| | |     microsoft-edge.profile rewritten for stable channel and moved
| | |     microsoft-edge{,-beta,-dev} from private-opt to whitelist
| * | microsoft-edge-{dev,beta}: replaced private-opt by whitelist #5307  Quentin RETORNAZ  2022-08-11
| | |
| * | microsoft-edge.profile: rewrite profile for stable channel  Quentin RETORNAZ  2022-08-11
| | |     * replaced private-opt by whitelist #5307
| | |     * added stable channel config dirs to disable-programs.inc
* | | Merge pull request #5285 from ra1nb0w/vmware-snapshot  netblue30  2022-08-14
|\ \ \
| | | |     vmware.profile: snapshot requires /etc/mtab
| * | | vmware.profile: snapshot requires /etc/mtab  Davide Gerhard  2022-08-02
| | |/
| |/|
| | |     This patch avoids the following error:
| | |     Error: One of the parameters supplied is invalid
| | |
| | |     Tested with VMware Workstation 16.2.4
* | | neomutt: Avoid creating empty files/directories  Hugo Osvaldo Barrera  2022-08-11
| |/
|/|
| |     neomutt won't write to these locations. Processes it spawns might read
| |     to some of them, but creating an empty file doesn't help.
| |
| |     This just pollutes user's $HOME with empty files and directories.
| |
| |     I've kept a few paths that MAY be written to by neomutt; it's not
| |     ideal, but I want to minimise the risk of potential data loss, even if
| |     it is corner cases.
| |
| |     See: https://github.com/netblue30/firejail/discussions/5276
* | fix(audacity): !5281 sharedlib bug on Arch/Fedora (#5300)  Christopher Morrow  2022-08-10
| |     * fix(audacity): !5281 sharedlib bug on Arch/Fedora
| |
| |     removed `private-bin` line from audacity profile as it appears to
| |     block access to shared libraries needed to start audacity on some
| |     distributions.
| |
| |     Relates to github issue #5281
| |
| |     * fix(audacity): Disabling apparmor and reenabling private-bin
* | Merge pull request #5299 from pirate486743186/description-makepkg  Kelvin M. Klann  2022-08-10
|\ \
| | |     makepkg: add description
| * | makepkg.profile: add description  pirate486743186  2022-08-10
| |/
* / new profile: gdu (#5289)  glitsj16  2022-08-09
|/
|     * add gdu to 'new profiles' section
|     * Create gdu.profile
|     * add gdu to firecfg
|     * harden gdu sandbox
|     * fix protocol
|     * simulate empty protocol in gdu
|     * more user-friendly gdu sandboxing
* Merge pull request #5259 from smitsohu/ns  smitsohu  2022-07-31
|\
| |     introduce new option restrict-namespaces
| * introduce new option restrict-namespaces  smitsohu  2022-07-23
| |
* | Deny Tor related profiles access to /sys/class/net  Tad  2022-07-23
| |     This directory contains the MAC address for connections available
| |
| |     Tested working with torbrowser-launcher and onionshare
| |
| |     Signed-off-by: Tad <tad@spotco.us>
* | viewnior.profile: allow accessing its /usr/share directory (#5270)  NetSysFire  2022-07-23
|/
* remmina.profile: allow python3 (#5253)  NetSysFire  2022-07-17
|     * remmina.profile: allow python
|
|     * Update etc/profile-m-z/remmina.profile
|
|     Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
|
|     Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* refresh syscall groups (#5188)  smitsohu  2022-07-17
|     now covers syscalls up to including process_madvise (440)
|
|     group assignment was blindly copied from systemd:
|     https://github.com/systemd/systemd/blob/729d2df8065ac90ac606e1fff91dc2d588b2795d/src/shared/seccomp-util.c#L305
|
|     the only exception is close_range, which was added to both
|     @basic-io and @file-system
|
|     this commit adds the following syscalls to the default blacklist:
|     pidfd_getfd,fsconfig,fsmount,fsopen,fspick,move_mount,open_tree
* aria2c.profile: add comment to winetricks workaround  Kelvin M. Klann  2022-07-11
|     As a reminder to create a profile for winetricks instead of allowing
|     access to its paths to programs used by winetricks (see #5238).
|
|     Added on commit 0ec1c66b5 ("aria2c.profile: allow access to
|     ~/.cache/winetricks") / PR #5238.
* aria2c.profile: allow access to ~/.cache/winetricks  Davide Beatrici  2022-07-06
|     Otherwise winetricks fails to download packages.
* add Colossal Order to steam.profile  0x9fff00  2022-07-05
|
* add Paradox Launcher to blacklisted programs list  Serphentas  2022-06-26
|
* add Paradox Launcher to Steam profile  Serphentas  2022-06-26
|
* disabled private-lib in /etc/firejail/firejail.config  netblue30  2022-06-23
|
* Transmission fixes: drop private-lib (#5213)  glitsj16  2022-06-22
|     * drop private-lib
|     * drop private-lib
|     * drop private-lib
* Revert "xonotic.profile: fix audit denial spam"  Tad  2022-06-20
|     Logging is now default disabled in c7e4c8ed592fee7f1644152a23c3e1343b01b922
|     See https://github.com/netblue30/firejail/issues/5207
|
|     This reverts commit c0d314f945b405f1e90a1a43719059cd22f55de7.
* reverting previous seccomp log fix (#5207)  netblue30  2022-06-20
|
* Remove shell none from profiles  rusty-snake  2022-06-19
|     Command:
|
|         sed -i "/^shell none/d" etc/*/*
|
|     TODO:
|
|     ```
|     etc/profile-a-l/beaker.profile:ignore shell none
|     etc/profile-a-l/default.profile:# shell none
|     etc/profile-a-l/fdns.profile:#shell none
|     etc/profile-a-l/gnome-nettool.profile:#shell none
|     etc/profile-a-l/jitsi-meet-desktop.profile:ignore shell none
|     etc/profile-m-z/pidgin.profile:# shell none
|     etc/profile-m-z/rocketchat.profile:ignore shell none
|     etc/profile-m-z/server.profile:# shell none
|     etc/templates/profile.template:# OPTIONS (caps*, net*, no*, protocol, seccomp*, shell none, tracelog)
|     etc/templates/profile.template:#shell none
|     ```
|
|     - manpage
|     - RELNOTES
|     - fbuilder
* seccomp-log support in firejail.config  netblue30  2022-06-18
|
* fixing seccomp log (#5207)  netblue30  2022-06-17
|
* fix artha and add dbus-user filtering  glitsj16  2022-06-16
|
* disable chroot by default in /etc/firejail/firejail.config  netblue30  2022-06-13
|
* disable cgroup code  netblue30  2022-06-13
|
* Add comment for enabling D-Bus desktop notifications to transmission-{gtk,qt} (#5175)  glitsj16  2022-06-05
|     * add comment for enabling desktop notifications
|     * add comment for enabling desktop notifications
* disable-shell.inc: add global shell paths from ids.config  Kelvin M. Klann  2022-06-02
|     Since /etc/profile is present, add the other shell-related paths in
|     /etc that are listed on ids.config.
|
|     Suggestion by @rusty-snake[1].
|
|     Relates to #5167 #5170.
|
|     [1] https://github.com/netblue30/firejail/pull/5167#pullrequestreview-989621852
* ids.config: sort global shell paths  Kelvin M. Klann  2022-06-02
|
* Merge pull request #5170 from kmk3/ids-add-sh-paths  netblue30  2022-05-31
|\
| |     ids.config: add missing global shell paths
| * ids.config: add missing global shell paths  Kelvin M. Klann  2022-05-30
| |     Add missing paths for bash, ksh and zsh.
| |
| |     Environment: Artix Linux